Attacks on hypervisor through guest OS
This type of attack uses a guest OS to gain unauthorized access to other VMs or the hypervisor. It is also known as a VM escape or jailbreak attack, because the attacker essentially "escapes" the confinement of the VM into layers that are otherwise unknown to the VM [Murphy07]. This is the most plausible attack on the hypervisor, since an attacker can usually only compromise a VM remotely, as the underlying host OS is invisible. However, because many VMs share the same physical resources, an attacker who can find how his VM's virtual resources map to the physical resources will be able to conduct attacks directly on the real physical resources. By modifying his virtual memory in a way that exploits how the physical resources are mapped to each VM, the attacker can affect all the VMs, the hypervisor, and potentially other programs on that machine. Figure 4 shows the relationship between the virtual resources and the physical resources, and how the attacker can attack the hypervisor and other VMs.
Figure 4: Attack on Hypervisor through Guest OS
These two types of attacks are the most obvious vulnerabilities in virtualization, but there are other potential ways to exploit a virtualized data center or cloud.